site2site OpenVPN connection between two ASUS routers

ZoloN

New Around Here
hi all,

I have searched for quite a long time for a site2site OpenVPN setup guide for ASUS routers. Finally, I have found the right inspiration and successfully configured a working site2site OpenVPN connection between my two RT-AC66U_B1 routers.
Enjoy: https://blog.sandbox.sk/?p=12

/BR
Zolo
 

martinr

Part of the Furniture
Welcome to the forum. What an interesting post for your first message. I’m sure that will get referred to in future.

It’ll be interesting to see what comments follow. I’m not sure about “DDNS on client side is optional, but I recommend it for remote access via Asus AiCloud app”. We’ll see what others think.

Thanks for that.
 

ZoloN

New Around Here
hi martinr,
DDNS on the client side has nothing to do with the tunnel functionality; on the other hand, on the server side it is mandatory if you have a dynamic public IP (most of us have this for sure, as a fixed public IP from the ISP side mostly costs a lot of money)
and thanks for welcome message! ;)
/BR
Zolo
 

martinr

Part of the Furniture
hi martinr,
DDNS on the client side has nothing to do with the tunnel functionality; on the other hand, on the server side it is mandatory if you have a dynamic public IP (most of us have this for sure, as a fixed public IP from the ISP side mostly costs a lot of money)
and thanks for welcome message! ;)
/BR
Zolo
You’re most welcome; it’s a great forum. I hope you like it.

It was the remote access via Asus AICloud app that caught my eye.
 

ZoloN

New Around Here
It was the remote access via Asus AICloud app that caught my eye.
I use AiCloud android app to quickly check the state of my home network (e.g. which devices are online... :cool:) when I'm not @home...
 

L&LD

Part of the Furniture

ZoloN

New Around Here

L&LD

Part of the Furniture
Not quite sure... I didn't read it carefully enough, but it is IMHO too long, and the first thing that confuses me a little bit is the usage of UDP instead of IP connection recommended by the official OpenVPN site (see the link at the end of my blog)
If it does the same thing, the choices are good. ;)
 

ZoloN

New Around Here
If it does the same thing, the choices are good. ;)
The second thing that confuses me about the mentioned guide: on the client side (see part 4, step 34, non-Fusion router) the setup is completely different from my RT-AC66U_B1 with Merlin firmware. For example, just uploading the file and activating will not work, as the parameter "Create NAT on tunnel" is by default "Yes" and has to be changed manually, which prevents the bi-directional communication initiation.
Probably the guide is about stock FW and not about Merlin's one (see part 1, step 9 and part 4, step 27)
 

58chev

Regular Contributor
Forgive my ignorance. :confused:

Will this work for Same Site OpenVPN Server & OpenVPN Client on two ASUS Routers?
 

skeal

Part of the Furniture
Forgive my ignorance. :confused:

Will this work for Same Site OpenVPN Server & OpenVPN Client on two ASUS Routers?
What this refers to is a vpn client to server connection. Not to be confused with a client to vpn provider connection.
 

58chev

Regular Contributor
What this refers to is a vpn client to server connection. Not to be confused with a client to vpn provider connection.
NO?

So, each router needs its own WAN-IP for this scenario to work?
 

skeal

Part of the Furniture
NO?

So, each router needs its own WAN-IP for this scenario to work?
Yes, most members here that use this function have an Asus OVPN client connecting to an Asus OVPN server to remotely administer the network attached. In my case I have a site2site to my parents' place. My router is an AX88U and my parents have an AC3100.
 

elorimer

Very Senior Member
Will this work for Same Site OpenVPN Server & OpenVPN Client on two ASUS Routers?
Why would you want to form a tunnel within the same site? (By which I assume you mean on the same physical lan.)
 

58chev

Regular Contributor
Why would you want to form a tunnel within the same site? (By which I assume you mean on the same physical lan.)
Like I said, I haven't a clue, just trying to wrap my head around VPN.

What I would like to do is connect to OpenVPN Server from an OpenVPN Client and surf the net.

Is this not like sitting at home, start up a client and connecting to a paid service?

If I VPN into my network from work and then surf, am I not surfing behind a VPN connection?
 

elorimer

Very Senior Member
Okay, so I think of it this way. Inside my building I have ethernet cabling from all my devices to the router, and then from the router through the firewall to the internet. Everything in the building is a private network--you have to be physically connected to have access. Someplace out in the internet, I can use an Openvpn client to connect to an Openvpn server on the router. That tunnel is a virtual private network, achieving through encryption almost the same as being physically connected. But if I am physically connected to the router, I have no need to also virtually connect on top of that. So there is never any need for a same site tunnel, which is what I thought your question was.

Viable uses are these:

1. I am at a place with an insecure connection, like a wifi hotspot. I use an Openvpn client to connect to the router's Openvpn server and through it physically access computers on my local private network.
2. I am at a place with an insecure connection, like a wifi hotspot, and I want to surf the internet. I connect to the router's Openvpn server and use its internet connection to surf; this is equivalent to surfing from my local private network.
3. I am on my private network, but when I surf the internet I either do not trust the internet connection of the router, or I do not want to appear to be connecting to the internet connection of the router. I can use an Openvpn client on the router to connect to a different Openvpn server, and appear to be surfing from the Openvpn server, with my privacy secure all the way to that server.
4. I combine 2 and 3, although one would ask why not skip the router and connect entirely to the other Openvpn server.
5. I have two private networks, like one at my vacation house and one at my residence, and I want to connect both of them together as if they were one big happy private network, possibly surfing the internet only through the internet connection at my residence, or possibly not. This is what the OP's guide is about.
 

Grisu

Part of the Furniture
If I VPN into my network from work and then surf, am I not surfing behind a VPN connection?
sure you do, but only from the perspective of your work-IT to hide your traffic.
and you can do the same at home to a paid VPN-provider to hide it against ISP and others ...
 

58chev

Regular Contributor
sure you do, but only from the perspective of your work-IT to hide your traffic.
and you can do the same at home to a paid VPN-provider to hide it against ISP and others ...
Any reason why it has to be a paid VPN provider? And not client server from home?
 

skeal

Part of the Furniture
And not client server from home?
These are on the same network and part of the same router, it wouldn't accomplish anything.
 

skeal

Part of the Furniture
Any reason why it has to be a paid VPN provider? And not client server from home?
Using a paid vpn provider allows you to Geo-locate yourself somewhere else. A common example is people wanting USA Netflix. This can be done with a paid VPN service and your router's client connected to it.
 
